*nix Documentation Project
·  Home
 +   man pages
·  Linux HOWTOs
·  FreeBSD Tips
·  *niX Forums

  man pages->Tru64 Unix man pages -> secconfig (8)              
Title
Content
Arch
Section
 

secconfig(8)

Contents


NAME    [Toc]    [Back]

       secconfig,  secsetup  -  Security features setup graphical
       interface (Enhanced Security)

SYNOPSIS    [Toc]    [Back]

       /usr/sbin/sysman secconfig

                                  Note

       The secsetup utility has been replaced  by  the  secconfig
       graphical interface.

DESCRIPTION    [Toc]    [Back]

       The  secconfig  utility  is  a graphical interface used to
       select the level of system security needed. It can convert
       from  Base  to  enhanced security mode, and configure base
       and enhanced security features. If you are using secconfig
       to  enable  Enhanced  security, you must first have loaded
       the enhanced security subsets.

       You can run secconfig while the  system  is  in  multiuser
       mode.  However,  if  you  change  the  security level, the
       change is not completed until you reboot the system.

       For both base and enhanced security, the secconfig utility
       allows  you  to  enable  segment sharing, to enable access
       control lists (ACLs), and to restrict the setting  of  the
       execute bit to root only.

       For  enhanced security, the secconfig utility additionally
       allows you  to  configure  security  support  from  simple
       shadow passwords all the way to a strict C2 level of security.
 Shadow password support is an easy method for system
       administrators, who do not wish to use all of the extended
       security features, to move each  user's  password  out  of
       /etc/passwd  and  into  the extended user profile database
       (auth.db. You can use the  Custom  mode  if  you  wish  to
       select  additional  security  features,  such  as  breakin
       detection and evasion, automatic  database  trimming,  and
       password controls.

       When  converting from base to enhanced security, secconfig
       updates  the  system  default   database   (/etc/auth/system/default)
 and uses the convuser utility to migrate user
       accounts.

       While  it  is  possible  to  convert  user  accounts  from
       enhanced  back  to base, the default encryption algorithms
       and supported password lengths  differ  between  base  and
       enhanced  security,  and  thus user account conversions do
       not succeed without a password change.

                                  Note

       Because of the  page  table  sharing  mechanism  used  for
       shared  libraries,  the normal file system permissions are
       not adequate to protect against unauthorized reading.  The
       secconfig interface allows you to disable segment sharing.
       The change in segment sharing takes  effect  at  the  next
       reboot.

FILES    [Toc]    [Back]

       /etc/auth/system/default

       /etc/passwd

       /tcb/files/auth.db

SEE ALSO    [Toc]    [Back]

      
      
       acl(4), authcap(4), default(4), convuser(8)

       Security



                                                     secconfig(8)
[ Back ]
 Similar pages
Name OS Title
auditconfig Tru64 Audit subsystem configuration graphical interface (Enhanced Security)
audit_setup Tru64 Audit subsystem configuration graphical interface (Enhanced Security)
db_archive Tru64 displays security database log files no longer involved in active transactions (Enhanced Security)
db_dump185 Tru64 Reads and writes the security databases (Enhanced Security)
db_dump Tru64 Reads and writes the security databases (Enhanced Security)
db_checkpoint Tru64 Periodically checkpoint the security database log (Enhanced Security)
authcap Tru64 Format of security databases (Enhanced Security)
setluid Tru64 Get or set the login UID (Enhanced Security)
getluid Tru64 Get or set the login UID (Enhanced Security)
prpasswdd Tru64 Enhanced security daemon
Copyright © 2004-2005 DeniX Solutions SRL
newsletter delivery service